Configure DNS-over-HTTPS for Windows 10 (Build 19628 or Newer)

REQUIRED: Windows 10 (Build 19628 or Newer)

REQUIRED: MOBILE DOH ADDRESS PREFIX

Creating a Virtual Site for Off-Network Clients and DoH Urls

REPLACE {DOH PREFIX} with your DoH prefix.

Enable DoH in Windows 10

• Open the Registry Editor (regedit).
• Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
• Create a new DWORD (32-bit) Value named EnableAutoDoh.
• Set its value data to 2.

Add DoH Servers to Windows 10’s auto-promotion list

Run the following commands as administrator:

netsh dns add encryption server=142.202.107.1 dohtemplate="https://{DOH PREFIX}.dns.securd.com/dns-query"
netsh dns add encryption server=142.202.107.2 dohtemplate="https://{DOH PREFIX}.dns.securd.com/dns-query"
netsh dns add encryption server=2620:82:6000::1 dohtemplate="https://{DOH PREFIX}.dns.securd.com/dns-query"
netsh dns add encryption server=2620:82:6000::2 dohtemplate="https://{DOH PREFIX}.dns.securd.com/dns-query"

Verify DoH Servers

Verify the template was applied to the DoH servers with the following commands:

netsh dns show encryption server=142.202.107.1
netsh dns show encryption server=142.202.107.2
netsh dns show encryption server=2620:82:6000::1
netsh dns show encryption server=2620:82:6000::2

Configure DNS Servers in Control Panel

• Open Control Panel.
• Go to Network and Internet -> Network and Sharing Center -> Change adapter settings.
• Right-click the connection you want to add a DNS server to and select Properties.
• Select Internet Protocol Version 4 (TCP/IPv4) and/or Internet Protocol Version 6 (TCP/IPv6) and click Properties.
• Select the Use the following DNS server addresses radio button, and add the DNS server addresses into the fields below.
• Click OK or Apply to close all the dialog windows.
• Restart the computer. Windows 10 should abandon classic DNS over port 53 and send DNS resolution requests over.
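
The registry, netsh and verification steps above can be run as one elevated PowerShell script. This is an added example, not part of the original instructions; the registry value, resolver addresses and template come from this page, while the `-DohPrefix` parameter name and the check that the prefix is a single DNS label are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the registry, netsh and verification steps from this page.
param(
    # The value that replaces {DOH PREFIX}; the parameter name is an assumption.
    [Parameter(Mandatory)][string]$DohPrefix
)

$MinBuild  = 19628
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$Resolvers = '142.202.107.1', '142.202.107.2', '2620:82:6000::1', '2620:82:6000::2'

# Stop on an unreplaced placeholder. Assumption: the prefix is a single DNS label.
if ($DohPrefix -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
    throw "DoH prefix '$DohPrefix' is not a valid host name label."
}

$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt $MinBuild) {
    throw "Windows build $build is older than the required build $MinBuild."
}

# Enable DoH: EnableAutoDoh (DWORD) = 2. -Force overwrites an existing value.
New-ItemProperty -Path $ParamsKey -Name 'EnableAutoDoh' -PropertyType DWord -Value 2 -Force | Out-Null

# Register the template for every resolver address, then print what netsh stored.
$template = "https://${DohPrefix}.dns.securd.com/dns-query"
foreach ($ip in $Resolvers) {
    netsh dns add encryption "server=$ip" "dohtemplate=$template"
    netsh dns show encryption "server=$ip"
}

# Flag interfaces whose configured DNS servers are not in the list above;
# the templates added here do not apply to those addresses.
foreach ($entry in Get-DnsClientServerAddress) {
    $extra = @($entry.ServerAddresses | Where-Object { $_ -notin $Resolvers })
    if ($extra.Count -gt 0) {
        Write-Warning "$($entry.InterfaceAlias): no template for $($extra -join ', ')"
    }
}

Write-Output 'Restart the computer, as in the last step on this page.'
```

Warnings for disconnected or virtual adapters are expected; the ones that matter are the connections you configured in Control Panel.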